Technology Risk Job Description
Technology Risk Duties & Responsibilities
To write an effective technology risk job description, begin by listing detailed duties, responsibilities and expectations. We have included technology risk job description templates that you can modify and use.
Sample responsibilities for this position include:
Technology Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Technology Risk
List any licenses or certifications required by the position: CISA, CISSP, CRISC, CIA, CPA, CISM, CTPRP, CIPP, QSA, ISA
Education for Technology Risk
Typically a job would require a certain level of education.
Employers hiring for a technology risk role most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Business, Technology, Management, Information Technology, Engineering, Accounting, Education, MBA, Information Systems.
Skills for Technology Risk
Desired skills for technology risk include:
Desired experience for technology risk includes:
Technology Risk Examples
Technology Risk Job Description
- Monitor through completion all technology related action plans including those identified during internal and external audits
- Lead and support Technology units in identifying, evaluating and assessing risks and controls via the Risk and Control Self-Assessment (RCSA) process
- Advise IT operations and solutions groups and business executives on the status of technology risks based on assessment results
- Facilitate annual assessments in support of SOX obligations
- Review all assessments with control owners to discuss what risks have been identified in the past, risk and controls currently in place and what has changed since (if anything)
- Assisting with the preparation and planning for all internal and external audits, including government agencies
- Work with WSS to implement single sign-on and provide user provisioning / certification
- Exposure to Agile / DevOps practices
- Review technology and security risk issues and internal and external incidents in order to help inform the 2nd line of defense independent view of the overall technology and security risk posture of the Firm and its underlying legal entities
- Management of enterprise-wide projects with multiple stakeholders
- Experience of operating within a control environment (risk, change management) in IT
- Must be able to demonstrate excellent stakeholder management, communication and presentation skills
- Work with Technology teams to deliver Technology CSAs, including the identification of control gaps and agreement of remediation actions with Technology management
- Provide support to Technology staff and management to deliver Technology CSAs, ensuring accurate capture/reporting of the risk status
- Proven ability to produce and maintain effective working relationships across IT and the business, comfortable in a role that challenges senior stakeholders
- SOX Control – ensure appropriate controls are in place, test steps are accurate and narrative documentation is current
Technology Risk Job Description
- Monitoring of execution of remediation action plans for identified I&T risk gaps
- Ensuring IT risks are appropriately managed within the risk appetite tolerances and limits
- Providing transparency of risk exposures through implementing sound reporting for risk-based decision making
- Performing aggregation and reporting of IT risk metrics and data
- Executing at least monthly risk management meetings for each IT department to ensure risk transparency to all stakeholders
- Conducting quarterly SOX Risk and Control status assessment and reporting for each IT department
- Accountable for business resiliency risk oversight
- Provide leadership and direction across enterprise for proper planning, execution and escalation for business resiliency risk across all businesses and divisions
- Partner with business to design and implement the strategic business resiliency program
- Be key partner with business resiliency program team across business and IT to mature risk management capabilities
- Hands-on experience with at least one of the following aspects of information security: application security, network security, identity and access management, third party security, or 3 years of enterprise architecture experience
- Leads / performs project management activities, including project management of the implementation, user and developer engagement, system design, requirements gathering, and setting overall strategy within scope of reporting
- Effectively communicates project's objectives to users and ensures objectives are being met
- Minimum 3 years in a risk management and/or governance role
- Working knowledge of the firm’s business and of the financial services industry
- Experienced in managing process and ensuring high quality and timely delivery of product
Technology Risk Job Description
- Mentor other members on the team on security, risk, privacy and compliance topics
- Lead qualitative and quantitative risk assessment efforts on Information Technology, Information Security, Third Party Vendor, and other relevant company risks, recommend mitigation strategies, and work with internal partners to assign monitoring responsibility
- Lead self-assessments to determine control effectiveness and communicate results to internal partners and executive management
- Provide leadership of at least one direct report and provide work direction to less experienced band 30s and 35s
- Facilitate deployment and maintenance of Technology risk and controls model within Asset Management Technology (AMT) teams using industry standard models (e.g., COBIT5, ITIL, NIST) as references
- Lead the strategic direction for development, deployment and maintenance of Technology risk/governance model for Asset Management Technology (AMT) using industry standard models (e.g., COBIT5, ITIL, NIST) as a reference
- Support the Operational Risk Management (ORM) process for AMT organization
- Identify and implement tools to automate and support AMT risk functions which includes documented processes, risks and controls and provide reporting of status
- Engage with Risk & Control Services (RCS) and other audit and compliance functions to align work and deliverables with the Technology operating model
- Create and conduct any Technology risk-related training
- Coursework or experience in network security, computer security, vulnerability assessment, system design, encryption schemes
- 7+ years of expertise and professional experience in Technology Audit
- Track record of superior performance with emphasis on quality, ability to deliver timely results
- Ability to operate in a complex, fast paced, matrix environment
- Willingness to be hands-on and detail-oriented
- Industry certification – CISSP, CISA, GIAC
Technology Risk Job Description
- Challenge business / functions and CIO's view of risk in strategic and tactical initiatives, providing insight to the first line on key areas to address from a technology risk perspective
- Identify critical data assets and assess appropriate risk management
- Highlight technology risk in business strategies and implementation plans and identify risk of obsolescence or migration concerns in a quickly changing IT landscape
- Develop and refine technology risk goals and objectives, and challenge business / functions and CIO's prioritization of technology risk mitigation
- Provide regular reports on Technology Risk to show risk trends and provide insight on root cause and remediation options in collaboration with the business and IT teams
- Monitor new business initiatives for emerging technology risk and support the reporting and escalation in risk identification and evaluation
- Coordination with EI Tower Risk Officers to facilitate timely execution on the risk agenda
- Assist Senior Risk Officer with monthly collation of data for Divisional Risk Committee, Technology Risk Committee and regional committees as required
- Participate and contribute in risk officer forums
- Work with other stakeholder teams across the firm
- Ability to rapidly prototype with stubs, mocks and simulations
- Must be able to quickly turn rough drafts into working implementations
- Exposure to enterprise-scale development is a significant plus
- Medium-to-large scale development skills
- Design skills, specifically with UI toolkits
- Demonstrated ability to work with development teams and clients who are dispersed across geographies and time zones
Technology Risk Job Description
- Implement IT risk management framework
- Ensure that the Technology risk management infrastructure and practices are consistent with regulatory expectations and industry sound practices
- Provide increased transparency and visibility to critical IT risks and monitor remediation initiatives
- Proactively identify potential risk exposures within new technology solutions being designed and implemented, and partner with Technology Risk Officer and Information Security groups to monitor appropriate solutions to mitigate exposure
- Utilize available risk management tools (Audit ratings, RCSA, KRIs, Loss event data, external events) in conjunction with other environmental changes to proactively monitor the Technology control environment and identify and address potential weaknesses and/or gaps in a timely manner
- Partner with Info Security Program Office to ensure consistency in the management of information assets under the company risk management policies
- Serve as a subject matter expert in technology risk, controls, compliance, and information security best practices
- Serves as liaison with other Risk stripes, internal departments, lines of business, Regulators and other external parties
- Participate in due diligence efforts for new clients, vendors and M&A activity, as needed
- Influence and drive improvement as it relates to Technology Risk
- Strong information security, risk and controls experience
- Ability to manage across the FFIEC Risk Domains
- Understanding of systems development lifecycle and best practices
- Minimum PhD in Computer Science, Cyber-Security or Information Security
- Experience of developing enterprise security architecture
- Experience of performing architectural risk analysis and penetration testing